You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rpc-dev@xml.apache.org by bu...@apache.org on 2003/01/23 11:39:28 UTC
DO NOT REPLY [Bug 16355] New: -
Authenticated handler
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16355>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16355
Authenticated handler
Summary: Authenticated handler
Product: XML-RPC
Version: unspecified
Platform: All
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: Other
Component: Source
AssignedTo: rpc-dev@xml.apache.org
ReportedBy: dejan_b@datagate.co.yu
Enable to expose any business object as a handler that performs basic HTTP
authentication, but not to be forced to call only execute() method of the handler.
If AuthenticatedXmlRpcHandler is used you are forced to call only execute
method. The problem with this approach is that we are responsible for
determining what action should be used. This could be a easy task in most cases,
but it could be a big challenge in a complex handler.
Idea is to make your object implement AuthenticatedHandler interface and only
write authenticate method:
public boolean authenticate(String username, String password);
Method should do whatever it takes to check if a username and password belongs
to a valid user. It could connect to a relational database, LDAP or any other
user storage and return true if user is permitted for a call or false otherwise.
After authorization, client can make a call to any public method of your handler.
XmlRpcClient client = new XmlRpcClient(url);
try
{
client.setBasicAuthentication(username, password);
client.execute("authenticated.test", params);
}
catch(Exception ex)
{
System.err.println("Error: " + ex.getMessage());
}
The actual test method will be called.